GCVE - cpe:2.3:h:lutron:homeworks_qs:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:lutron:homeworks_qs:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Lutron (`a8b22abf-be36-5d37-b592-4e308f5b4c71`)
Product	Homeworks Qs (`4ee657d0-28d1-549e-81b6-869a429d235b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-11682`	not_vulnerable	2026-06-08 05:10:38.790400	Details available Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine Published: 2018-06-02T13:00:00.000Z Updated: 2024-08-05T08:17:07.838Z Open on db.gcve.eu Reference links http://sadfud.me/explotos/CVE-2018-11629 https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/ http://www.lutron.com/TechnicalDocumentLibrary/040249.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-11681`	not_vulnerable	2026-06-08 05:10:38.789546	Details available Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine Published: 2018-06-02T13:00:00.000Z Updated: 2024-08-05T08:17:08.550Z Open on db.gcve.eu Reference links http://sadfud.me/explotos/CVE-2018-11629 https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/ http://www.lutron.com/TechnicalDocumentLibrary/040249.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-11629`	not_vulnerable	2026-06-08 05:10:38.742729	Details available Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine Published: 2018-06-02T13:00:00.000Z Updated: 2024-08-05T08:17:08.442Z Open on db.gcve.eu Reference links http://sadfud.me/explotos/CVE-2018-11629 https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/ http://www.lutron.com/TechnicalDocumentLibrary/040249.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.